I’d like to shift views a little bit, and think about the problem that we usually focus on, which is building good defences, from the point of view of how to attack effectively. We tend to focus on the defending problem, for example, the confidentiality of my traffic, and in the mainstream and conservative approach to security that we all know and love we make very generous assumptions about the adversary: we are willing to assume that the adversary gets a copy of every packet we send, it can alter some of the bits in real time, and has unlimited computational power, etc. As a result of that conservative assumption, we ask to have solutions that assume that the network is unlimitedly hostile. And, if you want security, we must accept nothing less than end-to-end security, and if we don’t have to end-to-end security we simply assume that it is insecure, because it would be very silly to depend on anything less than this very reasonable conservative assumption.